Apport 2.17.3

Milestone information

Martin Pitt
Release registered:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
No users assigned to blueprints and bugs.
No blueprints are targeted to this milestone.
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon apport-2.17.3.tar.gz (md5, sig) release tarball 29
last downloaded 54 weeks ago
Total downloads: 29

Release notes 

* SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
   program that is suid root or not readable for the user would create
   root-owned core files in the current directory of that program. Creating
   specially crafted core files in /etc/logrotate.d or similar could then lead
   to arbitrary code execution with root privileges.
   Now core files do not get written for these kinds of programs, in accordance
   with the intention of core(5).
   Thanks to Sander Bos for discovering this issue!
   (CVE-2015-1324, LP: #1452239)
 * SECURITY UPDATE: When writing a core dump file for a crashed packaged
   program, don't close and reopen the .crash report file but just rewind and
   re-read it. This prevents the user from modifying the .crash report file
   while "apport" is running to inject data and creating crafted core
   dump files. In conjunction with the above vulnerability of writing core
   dump files to arbitrary directories this could be exploited to gain root
   Thanks to Philip Pettersson for discovering this issue!
   (CVE-2015-1325, LP: #1453900)
 * apportcheckresume: Fix "occured" typo, thanks Matthew Paul Thomas.
   (LP: #1448636)
 * signal_crashes test: Fix test_crash_setuid_* to look at whether
   suid_dumpable was enabled.
 * test/run: Run UI tests under dbus-launch, newer GTK versions require this


This release does not have a changelog.

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.